PT-2026-32903

Bridge | Heap-based Buffer Overflow CWE-122 CVE: CVE-2026-27310 PT ID: PT-2026-32903 Vendor: Adobe Product: Bridge CVSS: 7.8 Credits: n/a Description: Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code executio...

PT-2026-32891

Name of the Vulnerable Software and Affected Versions InDesign Desktop versions 20.5.2 and 21.2 and earlier Description A Heap-based Buffer Overflow occurs when a program writes more data to a heap-allocated memory block than it can hold. This issue could result in arbitrary code execution in the...

PT-2026-32889

Adobe Connect | Deserialization of Untrusted Data CWE-502 CVE: CVE-2026-34615 PT ID: PT-2026-32889 Vendor: Adobe Product: Adobe Connect CVSS: 9.3 Credits: n/a Description: Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could...

Webkul Krayin CRM 安全漏洞

Webkul Krayin CRM is a free and open-source CRM solution for small and medium-sized businesses from the Indian company Webkul. Version 2.2.x of Webkul Krayin CRM contains a security vulnerability. This vulnerability stems from the admin/tinymce/upload endpoint, where an authenticated arbitrary fi...

APSB26-42 : Security update available for Adobe Illustrator

Adobe has released an update for Adobe Illustrator. This update resolves a critical vulnerability that could lead to arbitrary code execution...

APSB26-32 : Security update available for Adobe InDesign

Adobe has released a security update for Adobe InDesign. This update addresses critical and important vulnerabilities that could lead to arbitrary code execution, application denial-of-service, and memory exposure...

Adobe Connect 代码问题漏洞

Adobe Connect is a software developed by Adobe, a company based in the United States, used for creating meeting environments. The Adobe Connect version 2025.3, along with versions 12.10 and earlier, have code vulnerabilities. These vulnerabilities stem from untrusted data deserialization issues,...

Siemens RUGGEDCOM CROSSBOW Station Access Controller (SAC)

SUMMARY RUGGEDCOM CROSSBOW Station Access Controller SAC contains a vulnerability that could allow an attacker to achieve arbitrary code execution and to create a denial of service condition. Siemens has released a new version for RUGGEDCOM CROSSBOW Station Access Controller SAC and recommends...

APSB26-39 : Security update available for Adobe Bridge

Adobe has released a security update for Adobe Bridge. This update addresses critical and important vulnerabilities that could lead to arbitrary code execution and application denial-of-service...

APSB26-37 : Security update available for Adobe Connect

Adobe has released a security update for Adobe Connect. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution and privilege escalation...

APSB26-44 : Security update available for Adobe Acrobat Reader

Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution and arbitrary file system read...

SAP NetWeaver Application Server Java 代码注入漏洞

SAP NetWeaver Application Server Java is an application server provided by the German company SAP, which offers a Java runtime environment. This product is primarily used for developing and running Java EE applications. SAP NetWeaver Application Server Java has a code injection vulnerability; thi...

PraisonAI 安全漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI 4.5.138 and earlier contained a security vulnerability. This vulnerability stemmed from the automatic and uncleanly import of the tools.py file from the current working directory, which...

Adobe InDesign Desktop 缓冲区错误漏洞

Adobe InDesign Desktop is a page layout software from the American company Audobee Adobe. Adobe InDesign Desktop suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute arbitrary code on the system...

libsixel 输入验证错误漏洞

Libsixel is a software package developed by Hayaki Saito, which provides encoding/decoding implementations for DEC SIXEL graphics and other conversion programs. Versions of Libsixel 1.8.7 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from an...

Adobe ColdFusion 输入验证错误漏洞

Adobe ColdFusion is a rapid application development platform provided by Adobe Inc. This platform includes an integrated development environment and a scripting language. The version Adobe ColdFusion 2023.18, as well as versions prior to 2025.6, have a vulnerability related to input validation...

RHEL 8 : firefox (RHSA-2026:8052)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:8052 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: libpng:...

Amazon Linux 2 : plexus-utils, --advisory ALAS2-2026-3233 (ALAS-2026-3233)

The version of plexus-utils installed on the remote host is prior to 3.0.9-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3233 advisory. Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus- utils before...

Adobe FrameMaker 2022 < 17.0.9 (2022.0.9) Multiple Vulnerabilities (APSB26-36)

The version of Adobe FrameMaker installed on the remote Windows host is prior to Adobe FrameMaker 2022 17.0.9. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb26-36 advisory. - Access of Resource Using Incompatible Type 'Type Confusion' CWE-843 potentially leading ...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Redis, Lua vulnerabilities (USN-8169-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8169-1 advisory. It was discovered that Redis incorrectly handled certain specially crafted Lua scripts. A remote attacker...